Continuing our talk about the last participant of the project: WP-ContactForm. It is a plugin for WordPress. The vulnerable version is WP-ContactForm 2.0.7 (and previous versions).

This plugin with built-in captcha, in addition to Insufficient Anti-automation, is also vulnerable to XSS (like Math Comment Spam Protection). I found these Cross-Site Scripting holes on 26.11.2007.

There are six XSS holes, and they are persistent (stored) XSS; in some cases combined CSRF + XSS attacks can be used. The holes are on the plugin options page (http://site/wp-admin/admin.php?page=wp-contact-form/options-contactform.php) in the parameters wpcf_email, wpcf_subject, wpcf_question, wpcf_answer, wpcf_success_msg and wpcf_error_msg. To attack, you need to make a POST request to the plugin options script.
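The bug class described above is an options-page handler that stores POSTed values verbatim and echoes them back into the admin page unescaped, with no request token to stop a forged cross-site POST. The following is an added illustration, not WP-ContactForm's own code: a hypothetical save/render handler for the six option names the advisory lists, shown first in the unsafe form and then hardened with a capability check, a nonce (which defeats the CSRF half of "CSRF + XSS"), input sanitisation and output escaping. Function names prefixed `wpcf_` and the nonce action/field names are assumptions; the WordPress API calls (`update_option`, `check_admin_referer`, `wp_nonce_field`, `sanitize_text_field`, `sanitize_email`, `is_email`, `esc_attr`) are real and require a WordPress runtime.

```php
<?php
// Added example (not the plugin's code): hypothetical options-page handlers
// for the six option names from the advisory. Assumes a WordPress runtime.

$wpcf_option_names = array(
    'wpcf_email', 'wpcf_subject', 'wpcf_question',
    'wpcf_answer', 'wpcf_success_msg', 'wpcf_error_msg',
);

// UNSAFE pattern (constructed illustration of the bug class): every POSTed
// value is stored as-is and later echoed into the admin page unescaped, and
// nothing ties the request to the admin's session, so a forged cross-site
// POST can plant markup that runs for whoever next opens the options page.
function wpcf_save_options_unsafe( array $names ) {
    foreach ( $names as $name ) {
        if ( isset( $_POST[ $name ] ) ) {
            update_option( $name, $_POST[ $name ] ); // no sanitisation, no nonce
        }
    }
}
function wpcf_render_field_unsafe( $name ) {
    echo '<input name="' . $name . '" value="' . get_option( $name ) . '">'; // no escaping
}

// HARDENED pattern.
function wpcf_save_options_hardened( array $names ) {
    // 1. Only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // 2. A nonce bound to this action rejects forged cross-site requests
    //    (dies with a "link expired" page on mismatch).
    check_admin_referer( 'wpcf_save_options', 'wpcf_nonce' );

    foreach ( $names as $name ) {
        if ( ! isset( $_POST[ $name ] ) ) {
            continue;
        }
        $raw = wp_unslash( $_POST[ $name ] );
        // 3. Validate by field type where the type is known; sanitise the rest.
        if ( 'wpcf_email' === $name ) {
            $clean = sanitize_email( $raw );
            if ( ! is_email( $clean ) ) {
                continue; // reject rather than store an invalid address
            }
        } else {
            $clean = sanitize_text_field( $raw ); // strips tags and control characters
        }
        update_option( $name, $clean );
    }
}

// 4. Escape on output regardless of what is stored, so a value that reached
//    the database through any other path still cannot break out of the attribute.
function wpcf_render_field_hardened( $name ) {
    printf(
        '<input type="text" name="%s" value="%s">',
        esc_attr( $name ),
        esc_attr( get_option( $name, '' ) )
    );
}

// The options form that posts to the hardened handler must carry the nonce.
function wpcf_render_nonce_field() {
    wp_nonce_field( 'wpcf_save_options', 'wpcf_nonce' );
}
```

Sanitising on input and escaping on output are independent layers: the nonce and capability check stop the cross-site write, `sanitize_text_field` keeps markup out of the stored options, and `esc_attr` makes the rendered page safe even if a stored value is ever tampered with directly.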